In Cigital’s seventh annual Building Security in Maturity Model report, cloud, agile software development and IoT factor into maturing secure software movement.

An attacker known as Anna-senpai released source code for the Mirai malware, which was used in a 620 Gbps DDoS attack against Krebs on Security.

The massive Yahoo breach, this week’s Security of Things Forum, Mamba ransomware, and Google Allo are discussed.

In a keynote at the Internet of Things Forum Dr. Kevin Fu said that medical devices should be subjected to rigor so patients can make clinically relevant decisions.

The Department of Homeland Security formally announced its plan to develop a set of strategic principles for the Internet of Things.

Wireless keyboards made by eight different companies suffer from a vulnerability that can allow attackers to eavesdrop on keystrokes from up to 250 feet away, researchers warned Tuesday. If exploited, the vulnerability, dubbed KeySniffer, could let an attacker glean passwords, credit card numbers, security questions and answers – essentially anything typed on a keyboard, in clear...

A host of web-based vulnerabilities in Orsam Lightify smart lighting products remain unpatched, despite private notification to the vendor in late May and CVEs assigned to the issues in June by CERT/CC. Researchers at Rapid7 today publicly disclosed some of the details on each of the nine vulnerabilities with temporary mitigation advice users can deploy...

Networked printers have always posed an interesting attack vector, mostly for academics looking for vulnerabilities, and vandals sending garbage to the print bin. Microsoft, today, however patched a legitimate vulnerability that an attacker could abuse to attack corporate and home networks. MS16-087, one of a half-dozen critical security bulletins published today by Microsoft, patches a...

If you’re sick and sitting in a drab hospital room hooked-up to a dialysis pump, the last thing you want to worry about is hackers. But according to IT healthcare security experts, there is a chance that life-saving dialysis machine is infected with malware, could even be processing fraudulent credit card transactions, or is part...

Browser makers and other tech companies have gone to great pains to beef up weak crypto libraries, in particular those that are exposed to fallback attacks such as POODLE. Attackers exploiting these vulnerabilities are able to dial back the encryption protecting communication to SSLv2 and SSLv3, for example, forcing servers to fall back to these...